Switch SSL to haproxy instead of Apache

  • I have been running my blog site with https for a little while. Switching was a bit painful, but I got through it and really did get everything running with ssl, including all URLs embedded in posts and comments.

    Now I would like to terminate SSL on haproxy and use unencrypted connections to the back end. I’ve got good reasons for this, but they are not relevant to this question.

    If I configure haproxy to talk to the back end server with https, everything’s fine … but if I try to switch to an unencrypted connection, then the blog site doesn’t work right — the self-referential URLs created for resources like javascript, css, xmlrpc.php, and other things are all using http. It appears that they aren’t even trying to load, which I think may be happening because I am setting the Strict-Transport-Security http header in the responses from haproxy.

    For performance reasons, I would like to make all requests to the back end with http. How do I make all of the self-referential URLs within wordpress either use https or make them truly relative URLs that don’t include the protocol and site, just the URL path?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Shawn Heisey

    (@elyograg)

    On the haproxy mailing list, I was directed here:

    https://codex.www.ads-software.com/Administration_Over_SSL#Using_a_Reverse_Proxy

    This made the self-referential URLs work right, but then when I logged in (successfully), I could not access the admin pages. It said I did not have permission. Removing the extra config and switching haproxy back to the SSL backend caused everything to work, but I want to use the HTTP backend. This was with WP 4.3.1.

    I have now upgraded WP to 4.4.1 and also updated all plugins and themes. Later I will try the config changes again to see if maybe the WP upgrade makes a difference.

    Thread Starter Shawn Heisey

    (@elyograg)

    With wordpress and associated software upgraded, there was no difference. Login works with no problem, but I have no permission to reach the admin.

    For overall performance reasons, I would like the backend access from haproxy to be unencrypted, while the user’s connection to haproxy *is* encrypted. Currently the server must encrypt all information twice.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Switch SSL to haproxy instead of Apache’ is closed to new replies.